Our Open Source Software Analysis solution powered by Black Duck addresses the vulnerabilities posed by Open Source Software within companies
Organizations are under increased pressure to develop new applications to support digital transformation – whether internal or external facing.Open Source Software is an essential element in today’s application-development environment because it lowers costs, frees internal developers to work on higher-level tasks, and accelerates time to market.
Developers incorporate open source software, often without checking or documenting it. They are also unable to manage the OSS component during the entire cycle of software development, which makes it vulnerable to security attacks.
Open Source use is ubiquitous worldwide and leading organizations are stepping up efforts to address the security and management issues that open source use presents. According to Gartner, Open Source Software are included in mission-critical applications within almost all of Global 2000 enterprises, often without visibility into open source usage & associated risk/impact.
The overriding challenge is gaining good visibility into where open source is used. Without that visibility, effectively managing and securing open source is impossible, exposing organizations to significant security vulnerability and license risk. Hence, to address this concern, Sogeti and Black Duck have come together to help organizations find and remediate open source vulnerabilities and risks. The Capgemini and Sogeti Open Source Software Analysis service, powered by Black Duck, equips organizations to automate the processes of identifying and inventorying open source components, to find open source software risks, including known open source vulnerabilities, and to fix them.
Open source comes with three types of risks: security risks, when the OSS component contains a vulnerability (4000+ open source vulnerabilities reported each year); legal risks, when the OSS license does not authorize acceptable re-use; and operational risks, when the OSS community is not actively managing and improving the component. With the Sogeti OSS analysis services, customers will know all the OSS components that are included in their applications, and know all associated risks instantly.
Provides fast and ‘easy to start an OSS analysis’ program with no upfront investment and maximal flexibility to scale with changing business needs.
Delivers automated, accurate and detailed results, as soon as the client scans the application code.
Provides user-friendly dashboards and reporting to manage an application portfolio and collaborate across distributed teams. The client can find three types of information in the dashboard – security risks, legal risks and operational risks.
A technical account manager (usually a local Capgemini/Sogeti consultant) ensures overall customer satisfaction, drives adoption of the service, addresses issues, connects to experts and provides best practice guidance.
Integration with third-party software
Provides with REST API and out-of-the-box integration with tools such as Jenkins, Team City, Docker, Command Line, IBM AppScan (via results aggregation).
Feel free to contact your local Sogeti office or our global contact visible on this page for more information.